Introducing TRACE: Threat modelling for modern organisations
Modern organisations don’t operate behind a single security perimeter anymore.
Critical systems now span cloud platforms, third-party services, automation, contractors, remote teams, and complex approval processes. Authority is distributed across people and systems, and attackers increasingly exploit the gaps between them rather than a single technical vulnerability.
Traditional threat modelling frameworks were designed for a different world.
We’re releasing TRACE, Oak Security’s open-source threat modelling methodology built for distributed, cloud-first organisations.
Unlike traditional approaches, TRACE treats technical systems, organisational structure, human decision-making, and external dependencies as parts of the same security model. It helps teams identify how trust, authority, and control flow across an organisation, before attackers do.
The open-source release includes:
The complete TRACE methodology
A detailed long-form paper explaining the framework
An editable threat modelling deck your team can adapt
TRACE is open-sourced under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence, making it free to use, adapt, and build upon.
Whether you’re securing financial infrastructure, SaaS platforms, cloud environments, or digital assets, TRACE provides a practical framework for understanding today’s attack surface.
Explore TRACE
Strengthen your operational security
Threat modelling is only one part of building resilient organisations.
To help teams improve day-to-day security practices, we’ve also expanded the Oak OpSec Academy, a growing collection of practical operational security guides covering topics including:
Device hardening
Wallet and key management
Infrastructure security
Authentication
Secure communications
Incident response
Physical security
Every guide is free to access and use, with practical, actionable recommendations that teams can implement immediately.
Browse the OpSec Academy
We hope TRACE and the OpSec Academy help teams build stronger security foundations.
As always, we’d love to hear your feedback.